TR CMS 101:2011. Standard for Compliance Management Systems (CMS)
|
|
- Kenneth Armstrong
- 8 years ago
- Views:
Transcription
1 TR CMS 101:2011 Standard for Compliance Management Systems (CMS) of TÜV Rheinland, Cologne Total scope: 22 pages
2 Contents Foreword Introduction Field of application Aims of the compliance management system Terms Compliance management system General requirements Documentation requirements General Control of specifications Control of records Responsibility of the management Obligation of the management Responsibility, authority and communication Responsibility and authority Compliance Officer Internal communication Management evaluation General Input for the evaluation Results of the evaluation Management of resources Provision of resources Personnel resources General Expertise, training and awareness Infrastructure Compliance processes and implementation Specific compliance risks affecting the organisation Applicable compliance requirements Decision on the appropriate measures to fulfil the compliance requirements Integration of the compliance requirements in the work processes Dealing with compliance-relevant conflicts of interest System of clearances, approvals and authorisations Whistleblower system Advice, support Dealing with compliance-relevant processes External service providers System monitoring, analysis and improvement Internal audits Monitoring Improvement Constant improvement Corrective measures Preventative measures References
3 Foreword Top management are responsible for the installation, maintenance and constant improvement of a management system to fulfil the compliance requirements. As a cross-cutting issue, compliance affects all areas and functions within an organisation. Compliance measures are not implemented on an isolated basis but must be integrated in the organisation s administrative and operational processes. This requires a systematic approach to achieve fulfilment of the compliance requirements throughout the organisation. In view of the significance of compliance and the possible consequences of breaches of compliance requirements, the compliance management system is an independent management system. The compliance management system features points of contact with other management systems and rules and regulations (e.g. corporate governance, risk management, quality management, environmental management, business continuity management, sustainability management). Compliance requirements are not static but are subject to frequent changes (e.g. because of changes to legislation, the acceptance of new activities or the extension of activities to new regions). To bring the compliance management to fruition and to improve it constantly, an iterative process is required, which is presented in the following overview: - 3 -
4 Compliance requirements Compliance Management responsibility Chap. 5 Planning & Documentation Chap. 4 Improvement Chap. 8.3 Resource management Chap. 6 Implementation Chap. 7 Monitoring Chap. 8.1, 8.2 Figure 1- Model of a process-based Compliance Management Systems (CMS) The documentation of the compliance management system allows it to be implemented and maintained independently. The effective implementation and maintenance of a compliance management system and its communication within the organisation and externally also generates additional opportunities for the organisation. The confidence this engenders in stakeholders (e.g. employees, customers, authorities, shareholders, investors) can result in more sustainable relationships (e.g. greater customer loyalty, long-term business relationships, greater motivation among employees). The organisation can also benefit from lower costs for corrective measures, more favourable financing terms and insurance premiums
5 0 Introduction This standard highlights the basic elements, which a management system must contain to fulfil the compliance requirements applicable for the organisation; the specific structure and implementation of the compliance management system depend on the organisation and are the responsibility of top management. The elements of the compliance management system highlighted in this standard are testable and detectable, to establish whether and in which respects an organisation has a compliance management system that fulfils the targets described in section 2. Compliance management systems may be differently structured or documented in a way that is specific to the organisation. The TR CMS 101:2011 standard for compliance management systems allows an organisation to be issued with a certificate, having successfully carried out the system audit, confirming that it demonstrably a) maintains an effective compliance management system, b) fulfils the minimum requirements of a compliance management system, and c) is in a position to implement preventative and corrective measures. Certification of the compliance management system does not constitute a statement that the organisation actually fulfils all applicable compliance requirements; the execution of the certification audit does not represent advice with regard to the applicable rules or legal advice. A certification audit or certification does not, in principle, relieve the organisation from liability in the case of corporate negligence or breaches of its duty of supervision. Specifications for the audit and test instructions are set down in a separate guideline by TÜV 1 Field of application The present standard stipulates the fundamental elements that are part of a compliance management system. It is applicable to all organisations both at home and abroad. The structure and realisation of the compliance management system are influenced by a) the size and structure of the organisation, the nature of its activities, b) the regions in which the organisation operates, - 5 -
6 c) the products produced, d) the processes applied, e) the environment, changing requirements, f) specific risks affecting the organisation and g) the organisation s particular aims. Elements of the compliance management system must be stipulated in such a way that they can be detected and tested. This allows the fact of whether the organisation has an effective compliance management system to be determined. 2 Aims of the compliance management system The aim of the compliance management system is systematically to create the preconditions in the organisation that will ensure breaches of compliance requirements are avoided or made significantly more difficult and breaches that have occurred can be recognised and dealt with. 3 Terms Outsourced compliance processes Audit Business continuity management Compliance Compliance requirements Compliance-relevant processes, which are carried out by an external office on the basis of a decision by the organisation. Audit Ensuring the maintenance of key processes in an organisation following the occurrence of serious events Fulfilment of compliance requirements (please refer to that section) All rules and regulations, which must be observed by the organisation and the people working there, irrespective of whether these are statutory or official compliance requirements or requirements that have been imposed on the organisation by itself or imposed by another organisation on its staff
7 Compliance Officer Compliance culture Whistleblower System Key figures in measuring compliance Member of top management tasked with implementing the elements of the compliance management system Internal acceptance of compliance requirements, behaviour that reflects them and actual consideration of compliance requirements in the organisation Option of being able to turn to an (internal or external) contact point with compliancerelevant information outside the normal reporting channels Measurable statistics, which allow numerical conclusions to be drawn regarding the effectiveness of the compliance management system (e.g. number of breaches of compliance requirements recognised) 4 Compliance management system 4.1 General requirements The organisation must introduce a compliance management system, document it, realise it, maintain it and constantly improve its effectiveness. The organisation must a) stipulate the processes required for the compliance management system and its application throughout the organisation, b) stipulate the sequence and interaction of these processes, c) stipulate the criteria and methods required to ensure that these processes are executed and controlled effectively, d) ensure that the resources and information needed to execute and monitor these processes are available, e) monitor these processes, measure and analyse them, if appropriate, and f) take the measures needed to achieve the planned results and a constant improvement in these processes
8 The organisation must guide and control these processes in compliance with the requirements of this standard. If the organisation decides to outsource compliance-relevant processes, it must ensure that processes of this kind are controlled. The scope and extent to which outsourced processes of this kind are controlled must be stipulated in the compliance management system. NOTE The outsourcing of compliance-relevant processes does not relieve the organisation of the duty to fulfil the compliance requirements applicable to it. 4.2 Documentation requirements General The documentation on the compliance management system must contain the necessary specifications and records. The usual specifications are: a) Legal sources; including laws, ordnances, administrative acts, articles of association, binding standards or codes, b) List of specific compliance requirements applicable to the organisation (manuals, guidelines), c) Description of the compliance management system, d) Documented procedures and processes or operating instructions to ensure fulfilment of compliance requirements and to network compliance-relevant processes with other processes and e) Documented procedures, which are required by this standard. The usual records are: a) Records of results of compliance audits and corrective measures, b) Compliance reports, c) Risk analyses and evaluations - 8 -
9 d) Records of key figures in measuring compliance, e) Minutes of top management s involvement with compliance issues f) Documents on the conduct of compliance training sessions, g) Documents on breaches of compliance requirements and the measures and sanctions adopted in these cases, h) Records, which the organisation has classified as necessary to ensure the effective planning, execution and control of its processes, and i) Records prescribed by law Control of specifications The specifications required by the compliance management system must be controlled. A documented procedure to stipulate the requisite control measures must be introduced to a) approve documents before they are issued, b) evaluate documents at planned intervals, to update them if necessary and to approve them once more, c) ensure that amendments and the current revision status of documents are marked, d) ensure that the valid versions of relevant documents are available at the respective locations, e) ensure that documents are legible and comprehensible for those affected, g) prevent the unintended use of out of date documents and to mark these appropriately if they are stored, h) ensure that statutory posting and display duties are complied with and i) ensure that documents and records are stored and protected in a suitable manner for the duration of the - 9 -
10 storage period imposed by law or otherwise, that they are legible, easily recognisable and are easily retrievable Control of records Records of compliance with compliance requirements must be controlled. The organisation must introduce a documented procedure to stipulate the control measures, which are required for the marking, storage, protection, retrievability of records, compliance with the storage period and the availability of records. Records must be legible, easily recognisable and stored in a way that makes them retrievable. 5 Responsibility of the management 5.1 Obligation of the management Top management must demonstrate the development and realisation of the compliance management system and the constant improvement of its effectiveness by a) conveying the binding force of compliance requirements and the significance of compliance with compliance requirements to the organisation, b) giving a commitment to the creation of a compliance culture, in particular, expressing its expectation that compliance requirements will actually be complied with, c) aligning the organisation s aims and values with the compliance requirements, d) reviewing the compliance risk analysis with regard to actual risks on a regular basis and adjusting it, if applicable, d) carrying out management evaluations of the compliance management system on a scheduled basis, e) ensuring that resources are available and
11 f) monitoring the ongoing appropriateness and functioning of the compliance management system. 5.2 Responsibility, authority and communication Responsibility and authority Top management must ensure that responsibilities and authorities are stipulated and disclosed within the organisation Compliance Officer Top management must carefully select and appoint a member of the organisation s management, who will have the responsibility and authority, alone or in cooperation with others: a) to work towards the processes required for the compliance management system being introduced, realised and maintained, b) to report to top management on the performance and effectiveness of the compliance management system and any need for improvements, c) to ensure awareness and communication of compliance requirements through the organisation and d) to pick up compliance-relevant events on his own initiative, to document them and report them to top management. Top management will allow the Compliance Officer to perform his compliance tasks independently. It will not assign any additional tasks to the Compliance Officer, which could entail conflicts of objectives with fulfilment of the compliance tasks Internal communication Top management must ensure that suitable communication processes are introduced and maintained within the organisation as a whole and communication takes place with regard to the effectiveness of the compliance management system. Communication must include informing everybody of the compliance requirements affecting them and
12 drawing attention to possible consequences of compliance breaches. Top management must ensure that recognised breaches of compliance requirements are reported without delay. Top management must ensure that it complies with its duties to provide information and report on compliance issues to the internal supervisory bodies. The internal supervisory bodies are involved with the organisation s compliance issues in accordance with their statutory supervisory duties and duties of care. 5.3 Management evaluation General Top management must evaluate the organisation s compliance management system at appropriate intervals on a scheduled basis to ensure its ongoing suitability, appropriateness and effectiveness. The evaluation must include the evaluation of options for improvements and the need for amendments regarding the compliance management system. Records of the management evaluation must be maintained
13 5.3.2 Input for the evaluation Input for the management evaluation must contain information on the following: a) Results of audits, b) References to compliance-relevant issues from employees, business partners, customers, users, authorities, associations etc., c) Reports of recognised breaches of compliance requirements, d) Status and effectiveness of preventative and corrective measures and expenditure for corrective measures taken, e) Follow-up measures to previous management evaluations and results of follow-up measures of previous monitoring, f) Changes, which could have an impact on the compliance management system (e.g. legal changes, changes in the risk situation), g) Recommendations for improvements and h) Key figures in measuring compliance Results of the evaluation The results of the management evaluation must contain decisions and measures on the following: a) Improvement of the effectiveness of the compliance management system and its processes, b) Demand for resources and c) Covering the identified demand for training on compliancerelevant processes
14 6 Management of resources 6.1 Provision of resources The organisation must identify and provide the resources needed to realise the compliance management system, to maintain it and to improve its effectiveness constantly. 6.2 Personnel resources General People, who have to observe compliance requirements for their work, must have the education, training, skills and experience needed to fulfil these requirements Expertise, training and awareness The organisation must a) systematically identify and evaluate the training demand needed to achieve the requisite expertise to fulfil the compliance requirements, b) carry out the compliance training or other measures needed to convey this expertise. c) assess the effectiveness of the measures taken, d) generate understanding of the significance of fulfilling compliance requirements and awareness of the possible consequences of compliance breaches and e) maintain suitable records of education, training, expertise and experience as well as other measures to promote the requisite expertise. 6.3 Infrastructure The organisation must identify, provide and maintain the infrastructure needed to fulfil the compliance requirements
15 If required, the organisation must allow access to (internal or external) legal advice with regard to the extent, the applicability, the validity and the reach of compliance requirements. 7 Compliance processes and implementation 7.1 Specific compliance risks affecting the organisation The organisation must systematically analyse and identify compliance risks, which result from its size, structure, the nature of its activity and the regions in which it operates. Top management must a) ensure that it receives regular reports on the organisation's compliance risks, and b) regularly evaluate the organisation s specific compliance risks and take suitable measures to prevent them. 7.2 Applicable compliance requirements The organisation must a) systematically analyse and identify the compliance risks specifically applicable to it because of its activities (e.g. services, products, geographical regions) and document the procedure for this purpose, b) monitor amendments to the specifically applicable compliance requirements and the impact of these amendments on the organisation on an ongoing basis, c) decide on the introduction of mandatory compliance specifications, which do not already apply by law or official decree, d) document the compliance requirements specifically applicable to it and make them available and e) ensure that all those affected are informed of the applicable compliance requirements and
16 f) update the documentation of the compliance requirements specifically applicable to it on an ongoing basis. 7.3 Decision on the appropriate measures to fulfil the compliance requirements The organisation must have processes, with which it can ensure that the appropriate measures to fulfil the compliance requirements are taken and the appropriate processes for the size and structure of the organisation, the nature of its activity and the regions in which it operates are introduced. 7.4 Integration of the compliance requirements in the work processes Work processes must be structured in such a way that fulfilment of the compliance requirements is facilitated and made possible. 7.5 Dealing with compliance-relevant conflicts of interest The organisation must have processes with which possible and actual compliance-relevant conflicts of interest can be identified. It must provide those affected by requirements with criteria as to how they must deal with possible and actual compliance-relevant conflicts of interest. This is also true with respect to conflicts between the interests of the organisation on the one hand and the interests of customers or users on the other. The organisation must ensure that there is the appropriate separation of functions needed to avoid compliance-relevant conflicts of interest. 7.6 System of clearances, approvals and authorisations The organisation must have a system of authorisations for clearances and approvals that is suitable to avoid breaches of compliance requirements. The valid clearance thresholds, approval requirements and the necessity of several persons working together to execute compliance-relevant transactions must be documented and disclosed within the organisation. 7.7 Whistleblower system The organisation must establish an (internal or external) contact point and publicise it within the organisation, which will allow people to provide
17 compliance-relevant information (e.g. on recognised breaches of compliance requirements) - anonymously, if required - or contribute suggestions. The processes in dealing with compliance-relevant information and suggestions received by the contact point must be documented. Whistleblowers will receive feedback on the treatment of their information and suggestions unless they are anonymous. NOTE A new function does not necessarily have to be created for the whistleblower system. However, the whistleblower system must allow people to turn to a contact point with compliance-relevant information outside the organisation s normal reporting channels 7.8 Advice, support The organisation must ensure that those affected receive advice and support if they have questions on compliance-relevant issues and in dealing with conflicts of interest. 7.9 Dealing with compliance-relevant processes The organisation must have a documented procedure for dealing with compliance-relevant transactions, including responsibilities and reporting channels. The organisation must ensure that the external communication prescribed by law (e.g. duties to report, notify, provide information and warnings vis-à-vis the authorities) is possible. All relevant compliance transactions, as well as their treatment and solution, must be documented
18 7.10 External service providers The organisation must ensure that at least the same compliance requirements apply to external service providers, which it makes use of to fulfil its compliance requirements or which it involves in compliance relevant transactions, as to the organisation itself. 8 System monitoring, analysis and improvement The organisation must plan and realise the monitoring, analysis and improvement processes needed to ensure the effectiveness of the compliance management system. 8.1 Internal audits The organisation must carry out internal audits at planned intervals to establish whether the compliance management system a) fulfils the compliance requirements and the requirements for the compliance management system described in this standard and b) is effectively realised and maintained. An audit programme must be planned under which the status and the significance of the processes and areas as well as the results of previous audits must be taken into account. The audit criteria, the audit scope, the audit frequency and the audit methods must be stipulated. The choice of audits and the execution of the audit must ensure the objectivity and impartiality of the audit process. Auditors may not audit their own work. The organisation will decide on the responsibilities and on the execution of audits as well as on the reporting of the results and on the maintenance of records. The key results of the compliance audit must be reported to top management. Records of audits and their results must be maintained. The management responsible for the audited area must ensure that any corrections and corrective measures required must be taken to rectify recognised deviations and their causes without unjustified delay. Follow-up measures must include verification of the measures taken and reporting on the results of the verification
19 8.2 Monitoring The organisation must use suitable methods to monitor the compliance management system and document the results of monitoring the compliance management system. These methods must show that the processes introduced are capable of fulfilling the compliance requirements. Monitoring must refer to the compliance-relevant processes outsourced by the organisation and the external offices used to execute these processes. Where applicable, key figures in measuring compliance must be introduced and used to establish the effectiveness of the processes to fulfil the compliance requirements. Notifications or reports on compliance-relevant incidents or events (including breaches of compliance requirements) received will be picked up immediately and on a scheduled basis and reported to the defined offices. If the planned results are not achieved, corrections and corrective measures must be taken, if appropriate. The status of corrective measures must be followed up on an ongoing basis by the persons responsible specified by the organisation. 8.3 Improvement Constant improvement The organisation must constantly improve the effectiveness of the compliance management system on the basis of the results of the monitoring including the audit results, the compliance key figures and the management evaluations
20 8.3.2 Corrective measures The organisation must take appropriate corrective measures to rectify the causes of recognised breaches of compliance requirements, in order to prevent their occurring again. A documented procedure must be introduced to stipulate requirements for a) the evaluation of breaches of compliance requirements, b) the establishment of causes of breaches of compliance requirements, c) the assessment of the need for action to prevent breaches of compliance requirements occurring again, d) the establishment and realisation of the requisite measures, e) recording the results of the measures taken, f) assessing the effectiveness of the measures taken and g) assessing the effectiveness of the monitoring measures Preventative measures The organisation must stipulate appropriate measures for rectifying the causes of possible breaches of compliance requirements, to prevent their occurring. A documented procedure must be introduced to stipulate requirements for a) the establishment of possible future breaches of compliance requirements and their causes, b) the assessment of the need for action to prevent breaches of compliance requirements occurring, c) the establishment and realisation of the requisite measures, d) recording the results of the measures taken and
21 e) assessing the effectiveness of the preventative measures taken
22 References ISO 9001:2008 ONR 49001:2004 BS AS ISO 26000:
Compliance Management Systems
Certification Scheme Y03 Compliance Management Systems ISO 19600 ONR 192050 Issue V2.1:2015-01-08 Austrian Standards plus GmbH Dr. Peter Jonas Heinestraße 38 A-1020 Vienna, Austria E-Mail: p.jonas@austrian-standards.at
More informationISO 9001:2000 AUDIT CHECKLIST
ISO 9001:2000 AUDIT CHECKLIST No. Question Proc. Ref. Comments 4 Quality Management System 4.1 General Requirements 1 Has the organization established, documented, implemented and maintained a quality
More informationDNV GL Assessment Checklist ISO 9001:2015
DNV GL Assessment Checklist ISO 9001:2015 Rev 0 - December 2015 4 Context of the Organization No. Question Proc. Ref. Comments 4.1 Understanding the Organization and its context 1 Has the organization
More informationA Guide to Corporate Governance for QFC Authorised Firms
A Guide to Corporate Governance for QFC Authorised Firms January 2012 Disclaimer The goal of the Qatar Financial Centre Regulatory Authority ( Regulatory Authority ) in producing this document is to provide
More informationAuthorisation Requirements and Standards for Debt Management Firms
2013 Authorisation Requirements and Standards for Debt Management Firms 2 Contents Authorisation Requirements and Standards for Debt Management Firms Contents Chapter Part A: Authorisation Requirements
More informationQUALITY MANAGEMENT SYSTEM Corporate
Page 1 of 12 4 Quality Management System 4.1 General Requirements The Peerless Pump Quality Management System shall include: Documented statements of a quality policy and of quality objectives; A quality
More informationRISK MANAGEMENT AND COMPLIANCE
RISK MANAGEMENT AND COMPLIANCE Contents 1. Risk management system... 2 1.1 Legislation... 2 1.2 Guidance... 3 1.3 Risk management policy... 4 1.4 Risk management process... 4 1.5 Risk register... 8 1.6
More informationVigilant Security Services UK Ltd Quality Manual
Quality Manual Date: 11 th March, 2014 Issue: 5 Review Date: 10 th March 2015 VSS-COM-PRO-001 SCOPE This Quality Manual specifies the requirements for the Quality Management System of Vigilant Security
More informationNuclear Safety Council Instruction number IS-19, of October 22 nd 2008, on the requirements of the nuclear facilities management system
Nuclear Safety Council Instruction number IS-19, of October 22 nd 2008, on the requirements of the nuclear facilities management system Published in the Official State Gazette (BOE) number 270 of November
More informationCCD MARINE LTD QUALITY MANUAL PROCEDURE Q0.000. Date: Title. Revision: QUALITY MANUAL PROCEDURE Q0.000. 29 September 2014
Title: Quality Manual Uncontrolled if Hardcopy CCD MARINE LTD th Date: 29 September 2014 Doc Ref: Q0.000 Issued By: Sarah Leighton Rev No: 2 Title Revision: Date: QUALITY MANUAL PROCEDURE Q0.000 2 29 September
More informationISO 9001:2008 Quality Management System Requirements (Third Revision)
ISO 9001:2008 Quality Management System Requirements (Third Revision) Contents Page 1 Scope 1 1.1 General. 1 1.2 Application.. 1 2 Normative references.. 1 3 Terms and definitions. 1 4 Quality management
More informationCP14 ISSUE 5 DATED 1 st OCTOBER 2015 BINDT Audit Procedure Conformity Assessment and Certification/Verification of Management Systems
Certification Services Division Newton Building, St George s Avenue Northampton, NN2 6JB United Kingdom Tel: +44(0)1604-893-811. Fax: +44(0)1604-893-868. E-mail: pcn@bindt.org CP14 ISSUE 5 DATED 1 st OCTOBER
More informationAct on the Contractor s Obligations and Liability when Work is Contracted Out (1233/2006) (as amended by several Acts, including 678/2015)
Unofficial Translation Ministry of Employment and the Economy, Finland September 2015 Section 1. Objectives of the Act Act on the Contractor s Obligations and Liability when Work is Contracted Out (1233/2006)
More informationCorporate Governance Guidelines
Corporate Governance Guidelines 1. Introduction Entra ASA ( Entra ), and together with its subsidiaries, ( the group ) will be subject to the reporting requirements on corporate governance set out in 3
More informationNordea Bank AB FI Ref. 13-1784 through Chair of Board Service no. 1 Smålandsgatan 17 105 71 STOCKHOLM
18 May 2015 DECISION Nordea Bank AB FI Ref. 13-1784 through Chair of Board Service no. 1 Smålandsgatan 17 105 71 STOCKHOLM Warning and administrative fine Finansinspektionen's decision (to be issued on
More informationFINMA communication policy
25 September 2014 FINMA communication policy Laupenstrasse 27, 3003 Bern Tel. +41 (0)31 327 91 00, Fax +41 (0)31 327 91 01 www.finma.ch Contents 1 Introduction... 3 2 Principles of FINMA communication
More informationBLOOM AND WAKE (ELECTRICAL CONTRACTORS) LIMITED QUALITY ASSURANCE MANUAL
130 Wisbech Road Outwell Wisbech Cambridgeshire PE14 8PF Tel: (01945) 772578 Fax: (01945) 773135 Copyright 2003. This Manual and the information contained herein are the property Bloom & Wake (Electrical
More informationLONDON STOCK EXCHANGE HIGH GROWTH SEGMENT RULEBOOK 27 March 2013
LONDON STOCK EXCHANGE HIGH GROWTH SEGMENT RULEBOOK 27 March 2013 Contents INTRODUCTION... 2 SECTION A ADMISSION... 3 A1: Eligibility for admission... 3 A2: Procedure for admission... 4 SECTION B CONTINUING
More informationInternational Workshop Agreement 2 Quality Management Systems Guidelines for the application of ISO 9001:2000 on education.
ISO 2002 All rights reserved ISO / IWA 2 / WD1 N5 Date: 2002-10-25 Secretariat: SEP-MÉXICO International Workshop Agreement 2 Quality Management Systems Guidelines for the application of ISO 9001:2000
More informationQuality Manual. UK Wide Security Solutions Ltd. 1 QM-001 Quality Manual Issue 1. January 1, 2011
Quality Manual 1 QM-001 Quality Manual Issue 1 January 1, 2011 This document is uncontrolled when printed. Please verify with Quality Management Representative 16 Dukes Close, West Way, Walworth Industrial
More informationQUALITY MANAGEMENT SYSTEMS REQUIREMENTS FOR SERVICE QUALITY BY PUBLIC SERVICE ORGANIZATIONS
Indian Standard QUALITY MANAGEMENT SYSTEMS REQUIREMENTS FOR SERVICE QUALITY BY PUBLIC SERVICE ORGANIZATIONS ICS 03.120.10 BIS 2005 BUREAU OF INDIAN STANDARDS MANAK BHAVAN, 9 BAHADUR SHAH ZAFAR MARG NEW
More informationOECD GUIDELINES FOR PENSION FUND GOVERNANCE
OECD GUIDELINES FOR PENSION FUND GOVERNANCE These Guidelines were approved by the Working Party on Private Pensions on 5 June 2009. OECD GUIDELINES FOR PENSION FUND GOVERNANCE 1 I. GOVERNANCE STRUCTURE
More informationPositioning the internal audit function within the Solvency II framework Key challenges. Ludovic Bardon Senior Manager Audit Deloitte Luxembourg
Positioning the internal audit function within the Solvency II framework Key challenges Jérôme Sosnowski Director Governance, Risk & Compliance Deloitte Luxembourg Ludovic Bardon Senior Manager Audit Deloitte
More informationNB: Unofficial translation, legally binding only in Finnish and Swedish
NB: Unofficial translation, legally binding only in Finnish and Swedish Ministry of Employment and the Economy, Finland Act on Authorised Industrial Property Attorneys (22/2014) In accordance with a decision
More informationISO 9001 (2000) QUALITY MANAGEMENT SYSTEM ASSESSMENT REPORT SUPPLIER/ SUBCONTRACTOR
Page 1 of 20 ISO 9001 (2000) QUALITY MANAGEMENT SYSTEM ASSESSMENT REPORT SUPPLIER/ SUBCONTRACTOR SUPPLIER/ SUBCONTRACTOR NAME: ADDRESS: CITY AND STATE: ZIP CODE: SUPPLIER/MANUFACTURER NO PHONE: DIVISION:
More informationJuly 2012. Objectives and key requirements of this Prudential Standard
Prudential Standard CPS 510 Governance Objectives and key requirements of this Prudential Standard The ultimate responsibility for the sound and prudent management of an APRA-regulated institution rests
More informationVPO NOK Rules. Rules for the Central Securities Settlement. in Norwegian Kroner
Entry into force: 29. April 2015 Version: 1.1 Published 27. April 2015 VPO NOK Rules Rules for the Central Securities Settlement in Norwegian Kroner This document is a translation from the original Norwegian
More informationRegulation for Establishing the Internal Control System of an Investment Management Company
Unofficial translation Riga, 11 November 2011 Regulation No. 246 (Minutes No. 43 of the meeting of the Board of the Financial and Capital Market Commission, item 8) Regulation for Establishing the Internal
More informationISO 9001:2000 Gap Analysis Checklist
ISO 9001:2000 Gap Analysis Checklist Type: Assessor: ISO 9001 REQUIREMENTS STATUS ACTION/COMMENTS 4 Quality Management System 4.1 General Requirements Processes needed for the quality management system
More informationStatutes in translation Please note that this translations are not official translations. The translation is furnished for information purposes only
Statutes in translation Please note that this translations are not official translations. The translation is furnished for information purposes only and the documents are not legal documents. The texts
More informationSMALL BUSINESS OH&S SELF APPRAISAL
SMALL BUSINESS OH&S SELF APPRAISAL This questionnaire is designed to help you judge whether your Occupational Health & Safety Management System (OHSMS) is ready for assessment. Completing this questionnaire
More informationCHARTER OF ETHICS AND BEHAVIOUR
CHARTER OF ETHICS AND BEHAVIOUR Behaviour Principles and Rules P.02 Deployment P.07 The Charter of Ethics was adopted at the meeting of the Groupe Eurotunnel Board Meeting of 28/01/2013 Groupe Eurotunnel
More informationQUALITY MANAGEMENT SYSTEM REQUIREMENTS General Requirements. Documentation Requirements. General. Quality Manual. Control of Documents
Chapter j 38 Self Assessment 729 QUALITY MANAGEMENT SYSTEM REQUIREMENTS General Requirements 1. Establishing and implementing a documented quality management system 2. Implementing a documented quality
More informationDisclosure to Promote the Right To Information
इ टरन ट म नक Disclosure to Promote the Right To Information Whereas the Parliament of India has set out to provide a practical regime of right to information for citizens to secure access to information
More informationRemuneration Policy BinckBank N.V.
Remuneration Policy BinckBank N.V. This document is a translation of the Dutch original and is provided as a courtesy only. In the event of any disparity, the Dutch version shall prevail. No rights may
More informationQUALITY MANUAL 3 KENDRICK ROAD WAREHAM, MA 02571 508-295-9591 FAX 508-295-6752
QUALITY MANUAL 3 KENDRICK ROAD WAREHAM, MA 02571 508-295-9591 FAX 508-295-6752 Section 1. REVISION STATUS Revision 01 Initial Issue 02/13/95 Revision 02 ECO No.Q-0032 05/07/96 Revision 03 ECO No.97171
More informationAsset Management Systems Scheme (AMS Scheme)
Joint Accreditation System of Australia and New Zealand Scheme (AMS Scheme) Requirements for bodies providing audit and certification of 13 April 2015 Authority to Issue Dr James Galloway Chief Executive
More informationAdvisory Guidelines of the Financial Supervisory Authority. Requirements regarding the arrangement of operational risk management
Advisory Guidelines of the Financial Supervisory Authority Requirements regarding the arrangement of operational risk management These Advisory Guidelines have established by resolution no. 63 of the Management
More informationCorporate Governance Principles
2 Corporate Governance Principles Preamble Trust in the corporate policy of Bayerische Landesbank (BayernLB) is largely dependent on the degree to which there are responsible, transparent management and
More informationJuly 2014. Handbook of Prudential Requirements for Investment Intermediaries. Page 0 of 12 Page 0 of 12
July 2014 Handbook of Prudential Requirements for Investment Intermediaries Page 0 of 12 Page 0 of 12 Handbook of Prudential Requirements for Investment Intermediaries Contents Table of Contents Introduction
More informationInsurance Undertakings and Compliance Requirements
REGULATION N. 20 OF 26 MARCH 2008 (Only the Italian version is authentic) REGULATION CONCERNING INTERNAL CONTROLS, RISK MANAGEMENT, COMPLIANCE AND THE OUTSOURCING OF ACTIVITIES OF INSURANCE UNDERTAKINGS,
More informationCESR Consultation Paper on UCITS Management Company Passport
News Bulletin October 24, 2008 CESR Consultation Paper on UCITS Management Company Passport Background On 30 th September 2008, the Committee of European Securities Regulators ( CESR ) issued a consultation
More informationISO 9001 : 2008 QUALITY MANAGEMENT SYSTEM AUDIT CHECK LIST INTRODUCTION
INTRODUCTION What auditors should look for: the items listed in these headings that the ISO requirement is met that the requirement is met in the manner described in the organization's documentation Page
More informationCORPORATE GOVERNANCE. Deviations from the Dutch corporate governance code
CORPORATE GOVERNANCE Brunel International s understanding of corporate governance is based on applicable laws, the rules and regulations applicable to companies listed on the NYSE Euronext Amsterdam stock
More informationTHE GROUP S CODE OF CORPORATE GOVERNANCE
THE GROUP S CODE OF CORPORATE GOVERNANCE REVISED SEPTEMBER 2012 CONTENTS INTRODUCTION..... p. 4 A) RULES OF OPERATION OF UNIPOL GRUPPO FINANZIARIO S.p.A. s MANAGEMENT BODIES....... p. 6 A.1 BOARD OF DIRECTORS....
More informationCompliance Regulations, 23 August 2012
Compliance Regulations, August 0 (as amended on 0 April 0) Table of contents Chapter Basic principle, purpose and scope of application Art. Basic principle and purpose Art. Definition of compliance Art.
More informationof 28 September 2007 (Status as of 1 April 2010)
English is not an official language of the Swiss Confederation. This translation is provided for information purposes only and has no legal force. Ordinance on Data Protection Certification (DPCO) 235.13
More informationRev: Issue 4 Rev 4 Quality Manual AOP0101 Date: 10/07/13. Quality Manual. CBT Technology, Inc. 358 North Street Randolph, MA 02368
Quality Manual CBT Technology, Inc. 358 North Street Randolph, MA 02368 Issue 4 Revision 4 Note: updates are in italics Page 1 of 18 1.0 Scope and Exclusions Scope This Quality Manual contains policies
More informationInvitation of expressions of interest for the provision of insurance cover
Invitation of expressions of interest for the provision of insurance cover 1. Context and Overview 1.1. The Authority The Irish Auditing and Accounting Supervisory Authority ( IAASA ) is the independent
More informationNABL NATIONAL ACCREDITATION
NABL 160 NABL NATIONAL ACCREDITATION BOARD FOR TESTING AND CALIBRATION LABORATORIES GUIDE for PREPARING A QUALITY MANUAL ISSUE NO. : 05 AMENDMENT NO : 00 ISSUE DATE: 27.06.2012 AMENDMENT DATE: -- Amendment
More informationPART I - PRELIMINARY...1 Objective...1 Applicability...2 Legal and Regulatory Provision...2
PART I - PRELIMINARY...1 Objective...1 Applicability...2 Legal and Regulatory Provision...2 PART II POLICY REQUIREMENTS...3 Investment and Risk Management Policy...3 Monitoring and Control...5 Roles of
More informationCHECKLIST ISO/IEC 17021:2011 Conformity Assessment Requirements for Bodies Providing Audit and Certification of Management Systems
Date(s) of Evaluation: CHECKLIST ISO/IEC 17021:2011 Conformity Assessment Requirements for Bodies Providing Audit and Certification of Management Systems Assessor(s) & Observer(s): Organization: Area/Field
More informationForeword 2 STO BR IBBS-1.1-2007
BANK OF RUSSIA STANDARD STO BR IBBS-1.1-2007 INFORMATION SECURITY OF RUSSIAN BANKING INSTITUTIONS INFORMATION SECURITY AUDIT* Date enacted: 1 May 2007 Moscow 2007 2 STO BR IBBS-1.1-2007 Foreword 1. ADOPTED
More informationThe NHS Foundation Trust Code of Governance
The NHS Foundation Trust Code of Governance www.monitor-nhsft.gov.uk The NHS Foundation Trust Code of Governance 1 Contents 1 Introduction 4 1.1 Why is there a code of governance for NHS foundation trusts?
More informationInternal Audit Standards
Internal Audit Standards Department of Public Expenditure & Reform November 2012 Copyright in material supplied by third parties remains with the authors. This includes: - the Definition of Internal Auditing
More informationStatement of Guidance
Statement of Guidance Internal Audit Unrestricted Trust Companies 1. Statement of Objectives 1.1. To provide specific guidance on Internal Audit Functions as called for in section 3.6 of the Statement
More informationFinancial Services Guidance Note Outsourcing
Financial Services Guidance Note Issued: April 2005 Revised: August 2007 Table of Contents 1. Introduction... 3 1.1 Background... 3 1.2 Definitions... 3 2. Guiding Principles... 5 3. Key Risks of... 14
More informationFINAL DOCUMENT. Guidelines for Regulatory Auditing of Quality Management Systems of Medical Device Manufacturers Part 1: General Requirements
GHTF/SG4/N28R4:2008 FINAL DOCUMENT Title: Guidelines for Regulatory Auditing of Quality Management Systems of Medical Device Manufacturers Authoring Group: GHTF Study Group 4 Endorsed by: The Global Harmonization
More informationCONTENT OF THE AUDIT LAW
CONTENT OF THE AUDIT LAW I. GENERAL PROVISIONS Article 1 This Law shall regulate the conditions for conducting an audit of legal entities which perform activities, seated in the Republic of Macedonia.
More informationPersonal Data Act (1998:204);
Personal Data Act (1998:204); issued 29 April 1998. Be it enacted as follows. General provisions Purpose of this Act Section 1 The purpose of this Act is to protect people against the violation of their
More informationNetwork Certification Body
Network Certification Body Scheme rules for assessment of railway projects to requirements of the Railways Interoperability Regulations as a Notified and Designated Body 1 NCB_MS_56 Contents 1 Normative
More informationn130910 version of 26 november 2013 sccm Information about performing internal audits
Information about performing internal audits sccm Information about performing internal audits 1 We at SCCM are convinced and our experience has proven that any organization, large or small, will achieve
More information23. The quality management system
23. The quality management system Version 2.0 On this page: Mandatory requirements: Extracts from the HFE Act Extracts from licence conditions HFEA guidance: Definition of the quality management system
More informationPreparation of a Rail Safety Management System Guideline
Preparation of a Rail Safety Management System Guideline Page 1 of 99 Version History Version No. Approved by Date approved Review date 1 By 20 January 2014 Guideline for Preparation of a Safety Management
More information- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
. Board Charter - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1. Interpretation 1.1 In this Charter: Act means the Companies
More informationSAFETY and HEALTH MANAGEMENT STANDARDS
SAFETY and HEALTH STANDARDS The Verve Energy Occupational Safety and Health Management Standards have been designed to: Meet the Recognised Industry Practices & Standards and AS/NZS 4801 Table of Contents
More informationAppendix 3 (normative) High level structure, identical core text, common terms and core definitions
Appendix 3 (normative) High level structure, identical core text, common terms and core definitions NOTE In the Identical text proposals, XXX = an MSS discipline specific qualifier (e.g. energy, road traffic
More informationContractor s Obligations and Liability when Work is Contracted Out
Contractor s Obligations and Liability when Work is Contracted Out Introduction There are many ways of combating the negative effects caused to enterprises by the grey or undeclared economy and unhealthy
More informationCOMPLIANCE FRAMEWORK AND REPORTING GUIDELINES
COMPLIANCE FRAMEWORK AND REPORTING GUIDELINES DRAFT FOR CONSULTATION June 2015 38 Cavenagh Street DARWIN NT 0800 Postal Address GPO Box 915 DARWIN NT 0801 Email: utilities.commission@nt.gov.au Website:
More informationSwedish Code of Conduct for fund management companies
Swedish Code of Conduct for fund management companies Adopted by the Board of Directors of the Swedish Investment Fund Association on 6th December 2004. The Code was most recently revised on 26 th March
More informationJanuary GROUP CODE OF CONDUCT
January 2013 GROUP CODE GROUP COMMITMENT 1 GROUP COMMITMENT Through its retail and corporate & investment banking networks, and through all its business lines based on insurance, investor services, specialised
More informationMANAGEMENT SYSTEM FOR A NUCLEAR FACILITY
GUIDE YVL A.3 / 2 June 2014 MANAGEMENT SYSTEM FOR A NUCLEAR FACILITY 1 Introduction 5 2 Scope of application 6 3 Management system 6 3.1 Planning, implementation, maintenance, and improvement of the management
More informationManaging Outsourcing Arrangements
Guidance Note GGN 221.1 Managing Outsourcing Arrangements 1. This Guidance Note provides further detail on the requirements for managing material outsourcing arrangements (refer Prudential Standard GPS
More informationContents. Management Policy Manual SEM USA Page 2 of 12
SEM USA Page 2 of 12 Contents 1. The Schneider Electric Motion USA Management Policy... 3 2. PROCESS INTERACTION... 4 3. COMPANY OBJECTIVES:... 5 4. MANAGEMENT SYSTEM... 6 4.1. General Requirements...
More informationAct on the Supervision of Credit Institutions, Insurance Companies and Securities Trading etc. (Financial Supervision Act)
KREDITTILSYNET Norway Translation updated August 2003 Translated by Government Authorised Translator Peter Thomas This translation is for information purposes only. Legal authenticity remains with the
More informationRisk & Compliance Committee Charter. HCF Life Insurance Company Pty Ltd (ACN 001 831 250) (the Company )
Risk & Compliance Committee Charter HCF Life Insurance Company Pty Ltd (ACN 001 831 250) (the Company ) Board approval date: 27 October 2015 Contents 1. Introduction and Purpose of this Charter...1 2.
More informationQUAๆASSURANCE IN FINANCIAL AUDITING
Table of contents Subject Page no. A: CHAPTERS Foreword 5 Section 1: Overview of the Handbook 6 Section 2: Quality Control and Quality Assurance 8 2. Quality, quality control and quality assurance 9 2.1
More informationLEGISLATION COMMITTEE OF THE CROATIAN PARLIAMENT
LEGISLATION COMMITTEE OF THE CROATIAN PARLIAMENT 2300 Pursuant to its authority from Article 59 of the Rules of Procedure of the Croatian Parliament, the Legislation Committee determined the revised text
More informationInformation Security: Business Assurance Guidelines
Information Security: Business Assurance Guidelines The DTI drives our ambition of prosperity for all by working to create the best environment for business success in the UK. We help people and companies
More informationKey Elements Procedure 3 Production and Engineering
Key Elements Procedure 3 Production and Engineering LIST OF CONTENTS 1. Foreword...... Page 2 2. Technical Documentation and Methodology...... 3 3. Quality Assurance at Product Development... 7 Issue 1
More informationMandatory Provident Fund Schemes Authority COMPLIANCE STANDARDS FOR MPF APPROVED TRUSTEES. First Edition July 2005. Hong Kong
Mandatory Provident Fund Schemes Authority COMPLIANCE STANDARDS FOR MPF APPROVED TRUSTEES First Edition July 2005 Hong Kong Contents Glossary...2 Introduction to Standards...4 Interpretation Section...6
More informationCorporate Governance Statement 21 October 2015
Minotaur Exploration Limited (the Group) and its Board adheres to superior standards of corporate governance. The Board reviews the governance framework and practices to ensure they meet the interests
More informationStatement of Guidance: Outsourcing All Regulated Entities
Statement of Guidance: Outsourcing All Regulated Entities 1. STATEMENT OF OBJECTIVES 1.1. 1.2. 1.3. 1.4. This Statement of Guidance ( Guidance ) is intended to provide guidance to regulated entities on
More informationAct on the Supervision of Financial Institutions etc. (Financial Supervision Act)
FINANSTILSYNET Norway Translation update January 2013 This translation is for information purposes only. Legal authenticity remains with the official Norwegian version as published in Norsk Lovtidend.
More informationChecklist for Customer Protection Management
Checklist for Customer Protection Management I. Development and Establishment of Customer Management System by the Management Checkpoints - Customer Protection as referred to in this checklist covers (1)
More informationGeneral Terms of Public Procurement in Service Contracts JYSE 2014 SERVICES
General Terms of Public Procurement in Service Contracts January 2015 Contents Introduction...3 Issues to be observed in applying...5 General Terms of Public Procurement in Service Contracts ()...9 1 Definitions...9
More informationThe Association of Professional Compliance Consultants Professional Standards for Member Firms
These Professional Standards were adopted by the Association with effect from 9 March 2010. The purpose of these Standards is to provide guidance to Members Firms on the minimum standards that the Association
More informationKINGDOM OF SAUDI ARABIA. Capital Market Authority CREDIT RATING AGENCIES REGULATIONS
KINGDOM OF SAUDI ARABIA Capital Market Authority CREDIT RATING AGENCIES REGULATIONS English Translation of the Official Arabic Text Issued by the Board of the Capital Market Authority Pursuant to its Resolution
More informationGUIDELINES ON COMPLIANCE FUNCTION FOR FUND MANAGEMENT COMPANIES
GUIDELINES ON COMPLIANCE FUNCTION FOR FUND MANAGEMENT COMPANIES Issued: 15 March 2005 Revised: 25 April 2014 1 P a g e List of Revision Revision Effective Date 1 st Revision 23 May 2011 2 nd Revision 16
More informationDEPARTMENT OF HEALTH. No. R. 173 8 March 2013. NURSING ACT, 2006 (Act No. 33 of 2005)
STAATSKOERANT, 8 MAART 2013 No. 36234 3 GOVERNMENT NOTICE DEPARTMENT OF HEALTH No. R. 173 8 March 2013 NURSING ACT, 2006 (Act No. 33 of 2005) Regulations Relating to the Accreditation of Institutions as
More informationRules for the admission of shares to stock exchange listing (Listing Rules)
Rules for the admission of shares to stock exchange listing (Listing Rules) TABLE OF CONTENTS: 1. GENERAL... 3 2. CONDITIONS FOR ADMISSION TO LISTING... 3 2.1 GENERAL CONDITIONS... 3 2.1.1 Public interest,
More informationQUALITY MANUAL. 90a BROOMFIELD ROAD CHELMSFORD ESSEX CM1 1SS. Version 3 Page 1 of 67 Feb 2013
90a BROOMFIELD ROAD CHELMSFORD ESSEX CM1 1SS 01245 261345 Version 3 Page 1 67 Feb 2013 Copyright 2012. This Manual and the information contained herein are the property Gillett Morrissey. It must not be
More informationOrdina does not have a one-tier board. In view of the above, a limited number of the Code s best practices do not apply.
CORPORATE GOVERNANCE STATEMENT This is a statement regarding corporate governance as meant in article 2a of the decree on additional requirements for annual reports (Vaststellingsbesluit nadere voorschriften
More informationTG 47-01. TRANSITIONAL GUIDELINES FOR ISO/IEC 17021-1:2015, ISO 9001:2015 and ISO 14001:2015 CERTIFICATION BODIES
TRANSITIONAL GUIDELINES FOR ISO/IEC 17021-1:2015, ISO 9001:2015 and ISO 14001:2015 CERTIFICATION BODIES Approved By: Senior Manager: Mpho Phaloane Created By: Field Manager: John Ndalamo Date of Approval:
More informationQUALITY MANUAL ISO 9001:2015
Page 1 of 22 QUALITY MANUAL ISO 9001:2015 Quality Management System Page 1 of 22 Page 2 of 22 Sean Duclos Owner Revision History Date Change Notice Change Description 11/02/2015 1001 Original Release to
More informationFINE LOGISTICS. Quality Manual. Document No.: 20008. Revision: A
FINE LOGISTICS Quality Manual Document No.: 20008 Revision: A 20008 Rev. A FINE LOGISTICS, Quality Manual Page 1 of 24 Quality Manual: Table of contents Number Section Page 1. GENERAL 3 1.1 Index and revision
More informationISO 9001:2008 Audit Checklist
g GE Power & Water ISO 9001:2008 Audit Checklist Organization Auditor Date Page 1 Std. 4.1 General s a. Are processes identified b. Sequence & interaction of processes determined? c. Criteria for operation
More informationIntroduction to the legal framework. COM(2011) 656 final (hereinafter MiFID II).
Baker & McKenzie Belgium Client Alert 10 March 2014 For more information, please contact Pierre Berger Partner pierre.berger@bakermckenzie.com Laura Anckaert Associate laura.anckaert@bakermckenzie.com
More information